ONVU Learning supports Microsoft Single Sign On (SSO) using Microsoft Office 365 Accounts. There are two methods of access via SSO:
- Individual user access with Microsoft Office 365 Account
- Centrally Managed Microsoft Office 365 Access.
Individual user access with Microsoft Office 365 Account
Any ONVU Learning user with Microsoft Office 365 Account will be able to use those SSO credentials to access ONVU learning instead of their ONVU Learning password.
Centrally Managed Microsoft Office 365 Access
For increased security and ease of use, the IT administrator may wish to only allow users to log-in with their Office 365 accounts. This enables administrators to apply their organisational security policies, such as two-factor authentication and password complexity requirements and will prevent access to ONVU Learning if a specific account is no longer active. To centrally manage user account access, simply request to link your school domain to your organisation.
Note that a user will still have the option to login with an ONVU account password unless the IT administrator has chosen Centrally Managed SSO by linking their domain as above.
Individual user access with Microsoft Office 365 Account
Set up:
- No specific set up is required to enable invited users to use their non domain linked Microsoft email address and credentials as long as it matches the invited email address.
User Access:
- Users will be asked to enter their invited email address in the login screen (Fig.1)
Figure 1
- As they are entering an email address that is not using a linked domain (Centrally Managed) they will be presented with two ways to login. (Fig.2)
Figure 2
- They can choose to create a password for the email address and log directly into ONVU learning as they do today.
- Alternatively, they can select the login with Microsoft option and use their Microsoft credentials (that match their invited email address) to login. (Fig.3)
Figure 3
- They will then be logged into ONVU learning and taken to their dashboard.
Centrally Managed Microsoft Office 365 Access Set up:
- Administrator access is required.
- Go to User Management > User Security (Fig.4)
Figure 4
- Under the SSO section, select click here (Fig 4) to request domains to be added to your organisation
- Please update the form (Fig.5) with your domains and click submit. You will be sent a confirmation once the domains are set up on the system. Please note you should only add domains that your organisation owns.
Figure 5
- Please note adding a domain means users with email addresses using these domains will only be able to use their Microsoft Office 365 Account to log into ONVU learning. If they already have an existing ONVU learning password for their email address, this will be deleted and they will need to login via their Microsoft Office 365 Account.
- Once added you will see the domains listed as below, you can add, remove domains or request the feature to be disabled by selecting Click here. (Fig.6)
Figure 6
User Access:
- Once set up, your users will be presented with the following login page (Fig.7):
Figure 7
- Once they enter their email address and click next a Microsoft login pop up will be shown for them to enter their regular password (Fig.8)
Figure 8
- If they are a member of more the one ONVU learning organisation, they will be asked to select the organization they wish to access (Fig.9)
Figure 9
- They will then be logged into ONVU Learning and taken to their dashboard.
- Once they log out, they will be asked to logout of their SSO account. (Fig.10) Please note: This will only log them out of ONVU Learning not other SSO applications
Figure 10
User Administration
- From an Administrator point of view you will be able to see which users are assigned to use SSO only and which are not from the User management page. (Fig.11)
Figure 11
Please note the following:
- Currently SSO is only available for Microsoft Office 365 accounts
- You should only add domains that your organisation owns. You are not able to add generic domains such as gmail.com, hotmail.com etc.
- Only Administrators can request to add an SSO domain to an organisation
- An SSO user will not be required to use ONVU 2-Factor Authentication, appropriate authentication will need to be set up with the SSO provider
- Once a domain is added invited users with that domain will only be able to use SSO to login to ONVU learning. If existing users already have set up a ONVU learning password for their username, this will be deleted, and they will need to use their SSO password.
- If Centrally Managed SSO is enforced for a user, the administrator will no longer see a ‘Send password reset email’ option in the User Management screen for that user as this is controlled by the SSO provider
- When an SSO user logs out of ONVU Learning, they will remain logged into SSO.
- If Centrally Managed SSO is enforced for a user, and their account is deactivated, they will no longer be able to access ONVU Learning.
- If an individual (non-centrally managed) SSO user has their SSO access deactivated, they will still be able to access ONVU Learning if they have an ONVU password.
- Although access is controlled via SSO, to remove a user and all related clips and data from ONVU Learning, an administrator must remove them from within the application, whether they are an SSO or ONVU account user
- If you decide to unlink an SSO domain then all users of that domain would need to create a password via the forgot password link to access ONVU learning.